
AC-02(07) Account Management | Privileged User Accounts

Moderate
Core Control

>Control Description

(a) Establish and administer privileged user accounts in accordance with [Selection: a role-based access scheme; an attribute-based access scheme];
(b) Monitor privileged role or attribute assignments;
(c) Monitor changes to roles or attributes; and
(d) Revoke access when privileged role or attribute assignments are no longer appropriate.

>Discussion

Privileged roles are organization-defined roles assigned to individuals that allow those individuals to perform certain security-relevant functions that ordinary users are not authorized to perform. Privileged roles include key management, account management, database administration, system and network administration, and web administration. A role-based access scheme organizes permitted system access and privileges into roles.

In contrast, an attribute-based access scheme specifies allowed system access and privileges based on attributes.

>Cross-Framework Mappings
